Privacy Policy
Last updated June 30, 2026
This Privacy Policy explains how Oath™ collects, uses, and protects your information. Oath is a personal-finance app, so we take the trust you place in us seriously — your financial data is yours, and the choices below are written to keep it that way.
Who we are
Oath is operated by Atkins Studio, Inc. (“Oath,” “we,” “us,” or “our”), based in Tennessee. This policy applies to the Oath website, web app, and any related services we offer (together, the “Service”). You can reach us any time at privacy@oath.money.
Information we collect
We collect the information needed to give you a working, useful product:
- Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.
- Sensitive Personal Information such as personal information that reveals a consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account.
- Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
- Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement.
- Geolocation data.
- Professional or employment-related information.
Sources of personal information
We collect personal information from the following categories of sources:
- directly from you, when you create an account or manually enter financial information;
- automatically from your device and browser when you use the Service;
- from operating systems and platform infrastructure providers to deliver the Service;
- from our payment processor; and
- from third-party financial institutions through our transaction-import service provider, when you choose to link an account.
How we use your information
We use your information to:
- Provide, maintain, and improve the Service;
- Display your budgets, accounts, and transactions back to you;
- Import and categorize transactions from accounts you connect;
- Communicate with you about your account and important changes;
- Secure the Service and prevent fraud and abuse;
- Comply with our legal obligations.
We do not use your personal financial data to make decisions about you beyond delivering the features you asked for.
We do not sell your data
We do not sell your personal information. We do not rent, trade, or otherwise hand your personal financial data to third parties for their own marketing or profit. Oath has not sold or shared customers’ personal information in the preceding 12 months, as “shared” is understood by applicable law. Oath does not have actual knowledge that it sells or shares the personal information of consumers under 16 years of age.
The one carve-out, stated plainly: we may create aggregated or de-identified data — information that has been stripped of identifiers so it can no longer reasonably be tied back to you — and use it internally to understand product performance and improve Oath. This aggregated, de-identified data is never sold and is never re-identified back to you. Your identifiable personal and financial information stays inside Oath.
Service providers
We rely on a small set of trusted service providers to run Oath — for example, cloud hosting and database infrastructure, transaction-import providers, email delivery, and analytics. These providers process data only on our behalf and under contractual obligations to protect it; they are not permitted to use your data for their own purposes. The following categories of third parties may receive, for the stated business purposes, the following categories of personal information:
| Service Provider Category | Role | PI Categories Handled |
|---|---|---|
| Database and authentication provider | Database, authentication, and encrypted secret vault (hosts all app data) | Identifiers; Personal information; Commercial information; Internet/network activity; Geolocation data; Professional/employment information; Sensitive Personal information, namely financial account information |
| Financial data import provider | Bank account, transaction, and investment import | Identifiers; Personal information; Commercial information; Sensitive Personal information, namely financial account information |
| Payment processor | Payment processing and subscription management | Identifiers; Personal information; Commercial information |
| Email delivery provider | Transactional email | Identifiers |
| Product analytics provider | First-party product analytics and session replay | Identifiers; Internet/network activity |
| Hosting and infrastructure provider | Hosting, serverless functions, edge geolocation | Identifiers; Internet/network activity; Geolocation data |
| Bot-detection provider | Bot challenge on the public privacy-request form | Identifiers |
| Bug-tracking provider | Bug-triage issue projection | Identifiers |
How we protect your information
We use industry-standard safeguards to protect your information, including encryption in transit, access controls, and row-level security so each user can only reach their own data. Credentials for connected financial accounts are stored encrypted and are never exposed to your browser. No system is perfectly secure, but protecting your financial data is a core design priority, not an afterthought.
Sensitive personal information
Oath may collect the following categories of sensitive personal information, as understood under applicable law: a consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account. Oath uses and discloses sensitive personal information only for purposes permitted under applicable law, specifically to provide the Service and as otherwise described in this policy. Oath does not use or disclose sensitive personal information for inferring characteristics about consumers or for other purposes not defined under applicable law.
Data retention and your rights
We keep your information for as long as your account is active or as needed to provide the Service. We intend to retain each category of personal information for the following periods, or until the criteria below are met:
| Category | Proposed retention |
|---|---|
| Identifiers | Life of account; deleted within 30 days of verified account deletion, except where retained for legal/tax/fraud purposes. |
| Financial information | Life of account; deleted on account deletion. |
| Commercial information | Retained as needed for legal, tax, and accounting obligations, then deleted. |
| Network information | Retained for up to 12 months, then purged. |
| Geolocation data | Country-level only; life of account, deleted on account deletion. |
| Professional or employment-related information | Life of account; deleted on account deletion. |
U.S. State Privacy Rights
Depending on the state in which you reside, you may have certain rights with respect to your personal information under applicable state privacy law. The laws that may apply to you include the California Consumer Privacy Act (as amended by the California Privacy Rights Act), the Colorado Privacy Act, the Connecticut Data Privacy Act, the Delaware Personal Data Privacy Act, the Indiana Consumer Data Protection Act, the Iowa Consumer Data Protection Act, the Maryland Online Data Privacy Act, the Minnesota Consumer Data Privacy Act, the Montana Consumer Data Protection Act, the Nebraska Data Privacy Act, the New Hampshire Privacy Act, the New Jersey Data Privacy Act, the Oregon Consumer Privacy Act, the Tennessee Information Protection Act, the Texas Data Privacy and Security Act, the Utah Consumer Privacy Act, and the Virginia Consumer Data Protection Act (collectively, the “State Privacy Laws”). Oath may be subject to one or more of these laws depending on where its users are located and whether applicable thresholds are met.
To the extent a State Privacy Law applies to the processing of your personal information, you may have some or all of the following rights, subject to certain exceptions and limitations under applicable law:
- the right to know: to confirm whether we are processing your personal information and to access the categories and specific pieces of personal information we have collected about you, the categories of sources, the purposes for collection, and the categories of third parties to whom we disclose it;
- the right to delete: to request deletion of personal information we have collected from you, subject to certain exceptions;
- the right to correct: to request correction of inaccurate personal information we maintain about you;
- the right to data portability: to receive a copy of your personal information in a portable and, to the extent technically feasible, readily usable format;
- the right to opt out of sale or sharing: to opt out of the sale of your personal information or its disclosure for purposes of cross-context behavioral advertising or targeted advertising, to the extent we engage in such practices;
- the right to opt out of profiling: to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects concerning you, to the extent we engage in such profiling;
- the right to limit sensitive personal information: to limit our use and disclosure of sensitive personal information to specified permitted purposes (available to California residents); and
- the right to non-retaliation: to exercise any of the foregoing rights free from discrimination or retaliation.
Not all rights listed above are available under every State Privacy Law, and the specific scope of each right may vary by state. Oath will respond to verified requests in accordance with the requirements of the applicable law in your state.
To make a request, use our data request form or email us at privacy@oath.money.
Additional rights for California residents
If you are a California resident, the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, “CCPA”), provides you with the following additional rights that may not be available to residents of other states:
- the right to know about your sold or shared information: to know what personal information we have sold or shared, as those terms are defined under the CCPA, in the preceding 12 months, and the categories of third parties to whom it was sold or shared;
- the right to limit sensitive personal information: to limit our use and disclosure of sensitive personal information (as defined under the CCPA) to the purposes specified in Cal. Code Regs. tit. 11, § 7027(m), where we use or disclose sensitive personal information for purposes beyond those listed therein;
- the right to opt out of automated decision-making technology (ADMT): to opt out of our use of automated decision-making technology to make significant decisions about you, to the extent we use such technology; and
- the right to access ADMT logic: to obtain meaningful information about the logic involved in any automated decision-making technology we use that produces a decision about you, to the extent we use such technology.
The rights described in the unified U.S. State Privacy Rights section above — including the rights to know, delete, correct, obtain a portable copy of your data, opt out of sale or sharing, opt out of profiling, and be free from retaliation — are also available to California residents and are not limited by this section.
Children
Oath is not directed to children. The Service is intended for users who are at least 18 years old, and we do not knowingly collect personal information from anyone under that age. If you believe a child has provided us information, contact us and we will delete it. Oath does not have actual knowledge that it sells or shares the personal information of consumers under 16 years of age.
Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, notify you. Your continued use of the Service after a change takes effect means you accept the updated policy.
Contact us
Questions about this policy or your data? Email us at privacy@oath.money and we’ll help.